• Title/Summary/Keyword: Packet detection

LSP Congestion Control methods in ATM based MPLS on BcN

  • Kim Chul soo;Park Na jung;Ahn Gwi im;Lee Jung tae
    • The Journal of Korean Institute of Communications and Information Sciences / v.30 no.4A / pp.241-249 / 2005
  • ATM based MPLS (Multiprotocol Label Switching) is discussed for its provisioning QoS commitment capabilities, traffic engineering and smooth migration for BcN in Korea. At this time, due to the comprehensive nature of the ATM protocol, ATM has been adapted as the backbone system for carrying Internet traffic [1,2,3,4]. This paper presents preventive congestion control mechanisms for detecting HTR (Hard-To-Reach) LSP (Label Switched Path) in ATM based MPLS systems. In particular, we have introduced a HTR LSP detection method using network signaling information in an ATM layer. MPLS related studies can cover LSP failures in a physical layer fault, but they cannot impact network congestion status. Here we will present the research results for introducing HTR LSP detection methods and control mechanisms; this mechanism can be implemented as an SoC for high-speed processing of packet headers. We concluded that it showed faster congestion avoidance abilities with a more reduced system load and maximized the efficiency of network resources by restricting ineffective machine attempts.

Intrusion Detection System for Home Windows based Computers

  • Zuzcak, Matej;Sochor, Tomas;Zenka, Milan
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.9 / pp.4706-4726 / 2019
  • The paper is devoted to the detailed description of the distributed system for gathering data from Windows-based workstations and servers. The research presented in the beginning demonstrates that neither a solution for gathering data on attacks against Windows based PCs is available at present nor other security tools and supplementary programs can be combined in order to achieve the required attack data gathering from Windows computers. The design of the newly proposed system named Colander is presented, too. It is based on a client-server architecture while taking much inspiration from previous attempts for designing systems with similar purpose, as well as from IDS systems like Snort. Colander emphasizes its ease of use and minimum demand for system resources. Although the resource usage is usually low, it still requires further optimization, as is noted in the performance testing. Colander's ability to detect threats has been tested by real malware, and it has undergone a pilot field application. Future prospects and development are also proposed.

A Study on Similarity Comparison for File DNA-Based Metamorphic Malware Detection (파일 DNA 기반의 변종 악성코드 탐지를 위한 유사도 비교에 관한 연구)

  • Jang, Eun-Gyeom;Lee, Sang Jun;Lee, Joong In
    • Journal of the Korea Society of Computer and Information / v.19 no.1 / pp.85-94 / 2014
  • This paper studied the detection technique using file DNA-based behavior pattern analysis in order to minimize damage to the user system by malicious programs before a signature or security patch is released. The file DNA-based detection technique was applied to defend against zero-day attacks and to minimize false detection, by remedying weaknesses of the conventional network-based packet detection technique and process-based detection technique. For the file DNA-based detection technique, abnormal behaviors of malware were split into network-related behaviors and process-related behaviors. This technique was employed to check and block crucial behaviors of process and network behaviors operating in the user system, according to the fixed conditions, to analyze the similarity of behavior patterns of malware, based on the file DNA in which process behaviors and network behaviors are mixed, and to deal with it rapidly through hazard warning and cut-off.

An Implementation of Network Intrusion Detection Engines on Network Processors (네트워크 프로세서 기반 고성능 네트워크 침입 탐지 엔진에 관한 연구)

  • Cho, Hye-Young;Kim, Dae-Young
    • Journal of KIISE:Information Networking / v.33 no.2 / pp.113-130 / 2006
  • Recently, with the explosive growth of Internet applications, the attacks of hackers on networks are increasing rapidly and becoming more serious. Thus information security is emerging as a critical factor in designing a network system, and much attention is paid to the Network Intrusion Detection System (NIDS), which detects hackers' attacks on the network and handles them properly. However, the performance of current intrusion detection systems cannot catch up with the increasing rate of the Internet speed because most of the NIDSs are implemented by software. In this paper, we propose a new high performance network intrusion detection system using a network processor. To achieve fast packet processing and dynamic adaptation of intrusion patterns that are continuously added, a new high performance network intrusion detection system using Intel's network processor, IXP1200, is proposed. Unlike traditional intrusion detection engines, which have been implemented by either software or hardware so far, we design an optimized architecture and algorithms, exploiting the features of the network processor. In addition, for more efficient detection engine scheduling, we proposed task allocation methods on multi-processing processors. Through implementation and performance evaluation, we show the proprieties of the proposed approach.

Efficient Bloom Filter Based Destination Address Monitoring Scheme for DDoS Attack Detection (DDoS 공격 탐지를 위한 확장된 블룸 필터 기반의 효율적인 목적지 주소 모니터링 기법)

  • Yoo, Kyoung-Min;Sim, Sang-Heon;Han, Kyeong-Eun;So, Won-Ho;Kim, Young-Sun;Kim, Young-Chon
    • The Journal of Korean Institute of Communications and Information Sciences / v.33 no.3B / pp.152-158 / 2008
  • Recently, the DDoS (Distributed Denial of Service) attack has emerged as one of the major threats, and its main characteristic is to send a flood of data packets toward a specific victim. Thus, several attack detection schemes which monitor the destination IP address of packets have been suggested. The existing Bloom Filter based attack detection scheme is simple and can support real-time monitoring. However, since this scheme monitors the separate fields of the destination IP address independently, wrong detection is comparatively high. In this paper, in order to solve this drawback, an efficient Bloom Filter based destination address monitoring scheme is proposed, which monitors not only separate fields but also the relationship among separate fields. In the results of simulation, the proposed monitoring scheme outperforms the existing Bloom Filter based detection scheme. Also, to improve the correctness of detection, a multi-layered structure is proposed, and the correctness of the result is improved according to the number of layers and extra tables.

On the efficient buffer management and early congestion detection at a Internet gateway based on the TCP flow control mechanism (TCP 흐름제어를 이용한 인터넷 게이트웨이에서의 예측기반 버퍼관리 및 조기혼잡예측기법)

  • Yeo Jae-Yung;Choe Jin-Woo
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.1B / pp.29-40 / 2004
  • In this paper, we propose a new early congestion detection and notification technique called QR-AQM. Unlike RED and its variations, QR-AQM measures the total traffic rate from TCP sessions, predicts future network congestion, and determines the packet marking probability based on the measured traffic rate. By incorporating the traffic rate in the decision process of the packet marking probability, QR-AQM is capable of foreseeing future network congestion as well as terminating the congestion resolution procedure in a much more timely fashion than RED. As a result, simulation results show that QR-AQM maintains the buffer level within a fairly narrow range around a target buffer level that may be selected arbitrarily as a control parameter. Consequently, compared to RED and its variations, QR-AQM is expected to significantly reduce the jitter and delay variance of packets traveling through the buffer while achieving nearly identical link utilization.

A Study on Countermeasure for CCN Interest Flooding Attack (콘텐츠 중심 네트워킹 환경에서의 Interest Packet Flooding 대응 연구)

  • Kim, DaeYoub
    • Journal of Korea Multimedia Society / v.16 no.8 / pp.954-961 / 2013
  • To enhance the efficiency of the network, content-centric networking (CCN), one of the future Internet architectures, allows network nodes to temporally cache transmitted contents and then to directly respond to request messages which are relevant to previously cached contents. Also, since CCN uses a hierarchical content-name, not a host identity like a source/destination IP address, for request/response packet routing, and a CCN request message does not include the requester's information for privacy protection, contents-providers/network nodes cannot identify the practical requesters sending request messages. So to send back relevant contents, network nodes in CCN record both a request message and its incoming interfaces in the Pending Interest Table (PIT). Then the devices refer to the PIT to return a response message. If the PIT is exhausted, the device cannot normally handle request/response messages anymore. Hence, it is necessary to detect/react to attacks that exhaust the PIT. In this paper, we propose improved detection/reaction schemes against attacks to exhaust the PIT. In practice, for fine-grained control, this proposal is applied to each incoming interface. Also, we propose the message framework to control attack traffic and evaluate the performance of our proposal.

QoS Adaptive Flow based Active Queue Management Algorithm and Performance Analysis (QoS 적응형 플로우 기반 Active Queue Management 알고리즘 및 성능분석)

  • Kang, Hyun-Myoung;Choi, Hoan-Suk;Rhee, Woo-Seop
    • The Journal of the Korea Contents Association / v.10 no.3 / pp.80-91 / 2010
  • Due to the convergence of broadcasting and communications, IPTV services are spotlighted as the next-generation multimedia services. IPTV services should have functionality such as unlimited channel capacity, extension of media, and QoS awareness, and require increasing traffic and quality control technology to adapt to the attributes of the IPTV service. Consequently, flow based quality control techniques are needed. Therefore, many studies for providing Internet QoS are performed at the IETF (Internet Engineering Task Force). As the buffer management mechanism among IP QoS methods, active queue management methods such as RED (Random Early Detection) and modified RED algorithms have been proposed. However, these algorithms have difficulties satisfying the requirements of various Internet user QoS. Therefore, in this paper we propose the Flow based AQM (Active Queue Management) algorithm for the multimedia services that request various QoS requirements. The proposed algorithm can converge the packet loss ratio to the target packet loss ratio of the required QoS requirements. We also present a performance evaluation by simulations using ns-2.

The Study on matrix based high performance pattern matching by independence partial match (독립 부분 매칭에 의한 행렬 기반 고성능 패턴 매칭 방법에 관한 연구)

  • Jung, Woo-Sug;Kwon, Taeck-Geun
    • The Journal of Korean Institute of Communications and Information Sciences / v.34 no.9B / pp.914-922 / 2009
  • In this paper, we propose a matrix based real-time pattern matching method, called MDPI, for real-time intrusion detection on several Gbps network traffic. Particularly, in order to minimize a kind of overhead caused by buffering, reordering, and reassembling under the circumstance where the incoming packet sequence is disrupted, MDPI adopts independent partial matching in the case dealing with the pattern matching matrix. Consequently, we achieved a performance improvement of 61% and 50% with respect to TCAM method efficiency through several experiments where the average length of the Snort rule set was maintained as 9 bytes, and w=4 bytes and w=8 bytes were assigned, respectively. Moreover, we observed that the pattern scan speed of MDPI was 10.941 Gbps and the consumption of hardware resources was 5.79 LC/Char in the pattern classification of MDPI. This means that MDPI provides the optimal performance compared to hardware complexity. Therefore, by decreasing the hardware cost that comes from the increased TCAM memory efficiency, MDPI is proven to be a cost-effective high performance intrusion detection technique.

Achieving Relative Loss Differentiation using D-VQSDDP with Differential Drop Probability (차별적이니 드랍-확률을 갖는 동적-VQSDDP를 이용한 상대적 손실차별화의 달성)

  • Kyung-Rae Cho;Ja-Whan Koo;Jin-Wook Chung
    • Proceedings of the Korea Information Processing Society Conference / 2008.11a / pp.1332-1335 / 2008
  • In order to various service types of real time and non-real time traffic with varying requirements are transmitted over the IEEE 802.16 standard is expected to provide quality of service (QoS) researchers have explored to provide a queue management scheme with differentiated loss guarantees for the future Internet. The sides of a packet drop rate, an each class to differential drop probability on achieving a low delay and high traffic intensity. Improved a queue management scheme to be enhanced to offer a drop probability is desired necessarily. This paper considers multiple random early detection with differential drop probability, which is a slightly modified version of the Multiple-RED (Random Early Detection) model. To get the best suited performance, we analyze its main control parameters (maxth, minth, maxp) for achieving the proportional loss differentiation (PLD) model, and give their setting guidance from the analytic approach. A dynamic multiple queue management scheme based on differential drop probability, called Dynamic-VQSDDP (Variable Queue State Differential Drop Probability), is proposed to overcome M-RED's shortcoming as well as to support static maxp parameter setting values for relative and each class proportional loss differentiation. M-RED is static according to the situation of the network traffic, while the network environment is a very dynamic situation. Therefore maxp parameter values need to be modified constantly and dynamically too. The verification of the guidance is shown with figuring out loss probability using a proposed algorithm under dynamic offered load and is also selection problem of optimal values of parameters for high traffic intensity and show that Dynamic-VQSDDP has the better performance in terms of packet drop rate. We also demonstrated this using an ns-2 network simulation.